Hi folks,
BoringSSL has developed a test harness[1] that consists of a fork of Go’s
crypto/tls package (recently dubbed “BoGo” at the Berlin hackathon) plus a
test runner that allows BoGo to be run against the TLS stack under test.
BoGo can be configured to behave in a number of unexpected ways that
violate the TLS standard, thus enabling the testing of many scenarios that
would be otherwise difficult to obtain with a standard stack. We (David
Benjamin and Eric Rescorla) have been getting it to work with NSS and
wanted to let others know in case they might find it useful.
This system was initially designed to work with BoringSSL, but in principle
can be used with any stack. The portability is still a little rough, and
we'll likely make changes as we get more experience here, but it has
already been used to test NSS[2] and OpenSSL[3]. We've written up some
notes at [4].
The test suite should be fairly extensive for DTLS and TLS 1.2 (giving
around 75% line coverage in BoringSSL’s TLS code at last count). It tests
TLS 1.3 as well, though those tests are still in progress. They track
BoringSSL’s in-progress TLS 1.3 implementation.
David and Eric
[1] https://boringssl.googlesource.com/boringssl/+/master/ssl/test/
[2] https://hg.mozilla.org/projects/nss/file/tip/external_tests/nss_bogo_shim
[3] https://github.com/google/openssl-tests
[4] https://boringssl.googlesource.com/boringssl/+/master/ssl/test/PORTING.md